Vulmon
Recent Vulnerabilities
Discussions
Trends
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
Recent vulnerabilities and exploits
6.9
CVSSv2
CVE 2012-0056
The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper....
Linux
Linux Kernel
2 EDB exploits available
51 Github repositories available
1 Article available
7.2
CVSSv2
CVE-2018-14665
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run...
X.org
Xorg-server
Canonical
Ubuntu Linux
Debian
Debian Linux
Redhat
Enterprise Linux Desktop
Enterprise Linux Server
Enterprise Linux Server Aus
Enterprise Linux Server Eus
Enterprise Linux Server Tus
Enterprise Linux Workstation
4 EDB exploits available
3 Metasploit modules available
15 Github repositories available
1 Article available
NA
CVE-2020-9354
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) saveFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL allows an unauthenticated attacker to overwrite files via vectors involving an...
NA
CVE-2020-9351
An issue was discovered in SmartClient 12.0. If an unauthenticated attacker makes a POST request to /tools/developerConsoleOperations.jsp or /isomorphic/IDACall with malformed XML data in the _transaction parameter, the server replies with a verbose error showing where the...
NA
CVE-2020-9352
An issue was discovered in SmartClient 12.0. Unauthenticated exploitation of blind XXE can occur in the downloadWSDL feature by sending a POST request to /tools/developerConsoleOperations.jsp with a valid payload in the _transaction parameter....
NA
CVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled....
NA
CVE-2020-9353
An issue was discovered in SmartClient 12.0. The Remote Procedure Call (RPC) loadFile provided by the console functionality on the /tools/developerConsoleOperations.jsp (or /isomorphic/IDACall) URL is affected by unauthenticated Local File Inclusion via directory-traversal...
7.5
CVSSv2
CVE-2017-5641
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not restrict which types were allowed for AMF(X) object deserialization by default. During the deserialization process code is executed that for several known types has undesired side-effects. Other, unknown types...
Apache
Flex Blazeds
5 Github repositories available
1 Article available
NA
CVE-2019-19943
Remote Unauthenticated Heap Memory Corruption in Quick N' Easy Web Server <= 3.3.8...
1 Github repository available
NA
CVE-2020-9350
Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph template that is accessed directly....
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
curl
CVE-2012-5365
CVE-2020-3765
CVE-2020-9338
aterm wf1200c firmware
unprivileged
command injection
CVE-2020-8840
CVE-2012-5363
CVE-2018-13379
inject
haxx
atos
1
2
3
4
5
NEXT »
Vulmon